[ https://issues.apache.org/jira/browse/SYNCOPE-707?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Francesco Chicchiriccò updated SYNCOPE-707:
-------------------------------------------
    Affects Version/s: 1.2.5

> ConfigurationLogin doesn't check the existence of key during deletion.
> ----------------------------------------------------------------------
>
>                 Key: SYNCOPE-707
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-707
>             Project: Syncope
>          Issue Type: Bug
>    Affects Versions: 1.2.5, 2.0.0
>            Reporter: Massimiliano Perrone
>            Assignee: Massimiliano Perrone
>            Priority: Minor
>             Fix For: 1.2.6, 2.0.0
>
>
> When I try to delete a configuration, I always get a valid response, even when
> the configuration key doesn't exist (while I was expecting a NotFound error).
> Reading the code, I found the difference below between (1) ConfigurationLogic and,
> for instance, (2) SchemaLogic classes:
> (1)
> @PreAuthorize("hasRole('" + Entitlement.CONFIGURATION_DELETE + "')")
> public void delete(final String schema) {
>     confDAO.delete(schema);
> }
> (2)
> @PreAuthorize("hasRole('" + Entitlement.SCHEMA_DELETE + "')")
> public void delete(final SchemaType schemaType, final String schemaName) {
>     if (!doesSchemaExist(schemaType, schemaName)) {
>         throw new NotFoundException(schemaType + "/" + schemaName);
>     }
>     switch (schemaType) {
>         case VIRTUAL:
>             virSchemaDAO.delete(schemaName);
>             break;
>         case DERIVED:
>             derSchemaDAO.delete(schemaName);
>             break;
>         case PLAIN:
>         default:
>             plainSchemaDAO.delete(schemaName);
>     }
> }
> As you can read, the second class has a control on schema existence; the first
> one hasn't.
> We have to add the same check on the ConfigurationLogic class.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
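
Added example, not part of the original JIRA message and not Syncope's own code: a self-contained Java sketch of the behaviour the report describes, with the unchecked delete from (1) next to a delete that applies the existence check from (2). `InMemoryConfDAO`, its `find` method, the local `NotFoundException` and the key names are hypothetical stand-ins constructed for this illustration.

```java
import java.util.HashMap;
import java.util.Map;

public class ConfDeleteCheck {
    // Local stand-in for the project's NotFoundException (hypothetical).
    static class NotFoundException extends RuntimeException {
        NotFoundException(String msg) { super(msg); }
    }

    // Hypothetical in-memory DAO: deleting a missing key is a silent no-op.
    static class InMemoryConfDAO {
        private final Map<String, String> store = new HashMap<>();
        void save(String key, String value) { store.put(key, value); }
        String find(String key) { return store.get(key); }
        void delete(String key) { store.remove(key); }
    }

    private final InMemoryConfDAO confDAO;

    ConfDeleteCheck(InMemoryConfDAO confDAO) { this.confDAO = confDAO; }

    // Pattern (1): the caller cannot tell a real deletion from a no-op.
    void deleteUnchecked(String key) {
        confDAO.delete(key);
    }

    // Pattern (2) applied to configuration keys: reject a key that does not exist.
    void deleteChecked(String key) {
        if (confDAO.find(key) == null) {
            throw new NotFoundException("Configuration " + key);
        }
        confDAO.delete(key);
    }

    public static void main(String[] args) {
        InMemoryConfDAO dao = new InMemoryConfDAO();
        dao.save("sample.setting", "42"); // constructed sample entry
        ConfDeleteCheck logic = new ConfDeleteCheck(dao);

        // Misspelled key: the unchecked delete completes without any error.
        logic.deleteUnchecked("sampel.setting");
        System.out.println("unchecked, entry still present: " + (dao.find("sample.setting") != null));

        // Same misspelled key: the checked delete reports the mistake.
        try {
            logic.deleteChecked("sampel.setting");
        } catch (NotFoundException e) {
            System.out.println("checked, NotFound raised: " + e.getMessage());
        }

        // Existing key: the checked delete removes it.
        logic.deleteChecked("sample.setting");
        System.out.println("entry present after checked delete: " + (dao.find("sample.setting") != null));
    }
}
```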